Configuring connection-based automation in an i5/OS or OS/400 and Kerberos environment
- operate within a Windows Domain
- have Kerberos-based network authentication enabled on each target iSeries system
- run i5/OS V5R4 or later (these versions support Kerberos-based network authentication)
- run one or more of the following client operating systems:
- Windows 2000 (Professional, Server, and Advanced Server)
- Windows XP Professional
- Windows Server 2003
The iSeries environment provides single sign-on capability by working in conjunction with Kerberos-based network authentication and an IBM technology called Enterprise Identity Mapping (EIM). Z and I Emulator for Web uses this existing methodology for acquiring credentials to allow users to bypass the host session login screen.
Both EIM technology and Kerberos are available with i5/OS V5R4 or later operating systems. EIM is an IBM infrastructure technology that allows you to manage multiple user identities and user registries easily and inexpensively while maintaining secure authentication and authorization. This architecture describes the relationships between individuals or entities in an enterprise and the many identities that represent them within the enterprise. Kerberos, on the other hand, is a network authentication protocol that identifies and authenticates users who request to log on to a network. Together, EIM and Kerberos provide single sign-on capability.
- IBM i Enterprise Identity Mapping document: https://www.ibm.com/docs/en/i/7.1?topic=security-enterprise-identity-mapping
- IBM i resources: https://www.ibm.com/docs/en/i
Once you have configured your iSeries environment to use single sign-on capability, you are ready to configure Z and I Emulator for Web to extend this single sign-on capability. To accomplish this, take the following two steps: